Consent Receipts: The Future of Personal Data - Michele Nati - Lead Technologist Personal Data and Trust - Digital Catapult
1. Consent Receipts:
The future of Personal Data
Sharing?
MyData 2016 Conference
Day 1, August 31st, Helsinki
Session: Making Trust Ecosystems Happen
Michele Nati
Lead Technologist Personal Data and Trust
Digital Catapult, London
@michelenati
2. What is a Consent Receipt?
https://github.com/KantaraInitiative/CISWG/blob/master/MVCR-Spec/MVCR-v0.8/MVCR v0.7.9.md
Recommendation for standard, Kantara Initiative, CISWG
3. What a Consent Receipt could
be useful for?
TaCs Consent Notice
Consent Receipt
Agree and Forget
Lie & Agree
(Pre-service) Consent should be:
- Freely given
- Informed, unambiguous and specific
- No more legitimate interest
(In-service) Consent:
- Dynamic, change and remove
- Transparent
- Auditable
- Breaches notification
Standardized process and data (Consent Receipt)
8. Initial findings
Consent Receipt design & content:
● Icons
● Text to accompany icons
● Colors (related to security level)
● Quick to scan read
● Bullet points
● Who, what, why, where, with whom
● Link with more info for each section
● Easy access (mobile)
● Forget me option
● Team/person details to contact for info/complaints
General Feeling:
• Necessity of the consent receipt: People recognise the need
to have more control over the data they share.
• Identification of a wider societal impact: collect consent
receipts to distinguish your data sharing patterns.
11. What we have learned?
(after involving lawyers !)
According to DPA, consent is not required for:
a) the “legitimate interests” of the data controller so long as they do
not override the fundamental rights of the data subject;
b) data that it is necessary to collect or process to fulfil a
contract the data subject asked to enter
This might limit the impact of Consent
Receipt and confuse end users
Solution: we will issue a Personal Data
Receipt (GDPR has an “Information Notice”
requirement), including all the collected
personal data
12. (PD) Receipt trial aims
• Educate consumers (visitors) about
information receipts
• Understand the value of information
receipts for consumers
• Increase transparency
• Promote good practices and adoption
of information receipts across a
wide range of stakeholders
13. How to make this scalable?
This requires:
- 3rd party to provide service assessment
(similar to Privacy Seal assignation)
- Standardized Privacy Policies to make it
scalable
- A standardized (Consent) Information
Notice to guarantee interoperability
- Maintain ease of understanding
for end users
- We will combine with BSI PAS 4891
Initiative
14. BSI PAS 4891
• Recommendation on how organizations
communicate how they use customers'
personal data online
• Define the categories of information
• Provide an initial icons mockup
• Can be used in layered privacy policies
(and information notice)
16. Here to help grow the UK’s
digital economy
Office of National Statistics shows only 7% of UK national output
comes from the digital sector, significantly behind the global
leader South Korea at 11%.
17. DIGITAL CATAPULTS
1. Here to accelerate economic growth and productivity for the UK
2. A not-for-profit, private limited company
3. Completely neutral
18. HOW DO WE DO THIS?
1. Through adding technological, business expertise and academia
o Help SMEs to scale faster
o Help businesses with digital transformation
2. Tackle large scale digital challenges that are too complex,
financially risky or take too long
3. Use Research & Development to open up new markets and
commercial opportunities
19. FIVE CENTRES ACROSS THE UK
We work across the UK with
• Digital communities
• Innovation clusters
• Businesses (all sizes)
• Public sector
• Research
• Government
• Universities and academics
• Not-for-profit organisations
20. WE WORK ACROSS A RANGE OF
TECHNOLOGY LAYERS
Next generation
Internet:
Internet of Things,
distributed ledger
technologies,
decentralised web,
5G and low
powered wide area
networks
Data-driven:
trust, privacy,
identity and
security
Intelligent:
machine learning
and artificial
intelligence
22. Personal Data and Trust
Network
PDTN
SMEs
Corporates
Universities
600+ Innovators in Personal Data and Trust